With the New Gmail, People Will Know When You Open That Message

Beware: Google just made it easier for people to know if you’re opening their email messages.

Today, the web giant announced a change to its popular Gmail service: Images embedded in emails will now be automatically displayed, saving users from clicking on a “display images” link and, Google claims, making “your messages more safe and secure.” But buried in the fine print, a different picture emerges.

The new setup also means that people and companies who send you email will be able to find out when you’ve opened and read their messages, because loading these images requires a call back to the sender’s server. That said, the sender still has to know how to rig their emails to take advantage of this, and that means that sophisticated corporations are far more likely to take advantage of this privacy hole than your friends and relatives. They’ll have to evade Google’s filters for “suspicious” content, and you’ll have to check your Gmail over the web — not via a local client — for this change to impact you. But it’s an important development.

Other email clients automatically load images, but Google’s change brings this to what is now the world’s largest service. The good news is that you can turn off the new change. But most people won’t know any better.

Here’s how Google phrases the issue with a disclosure in the last paragraph of a recently posted support document: “In some cases, senders may be able to know whether an individual has opened a message with unique image links. As always, Gmail scans every message for suspicious content and if Gmail considers a sender or message potentially suspicious, images won’t be displayed and you’ll be asked whether you want to see the images.”

In other words, Google will try to protect you from malware and scammers, but the new image-loading system can, by its very nature, leak information on your email reading habits. That’s because the images in question, the images that used to be regularly suppressed by Gmail and which will now be regularly shown, are loaded from remote servers and laid into emails constructed like webpages, using the HTML markup language.

In contrast to image attachments, which can be displayed with full privacy, such hotlinked images effectively “phone home” when loaded, since they must be retrieved from the sender’s server. Google is intercepting such image requests and re-routing them through its own servers, a step that shields your IP address and location from the sender. But such proxying doesn’t keep the sender from knowing when you open the message, assuming the sender is sufficiently clever. By inserting a unique, identifying image address into each email, like “http://example.com/flower-pic-for-user-427.jpg,” the sender can know that Google’s proxies are acting on your behalf, and thus infer that you have opened a given email message.

MailChimp, a bulk email service, says in an update at the bottom of this blog post that today’s changes should help it better track when people open emails. The Google change “means we’ll be more accurate when tracking unique opens,” the company says. “By leaving images turned off, Gmail has been allowing subscribers to open emails without downloading our tracking pixel, so those opens were invisible to us. If Gmail is going to display images automatically, those previously invisible opens should suddenly become visible.”

Previously, Gmail took a stronger stance on privacy. For example, back when competitors like Yahoo Mail regularly attached users’ home IP addresses to their mail messages, Gmail left such privacy-eroding data out. So it’s sad to see Google taking a step backward — and being less than forthcoming about the implications. For bulk business emailers, this development is a big plus. For ordinary humans, not so much.